From 0d5277d7380ed5ae61216c7041bbafe934827613 Mon Sep 17 00:00:00 2001 From: Arne Schwabe Date: Tue, 15 Jun 2021 16:45:45 +0200 Subject: Number of miscellenous fixes and clean ups --- .../de/blinkt/openvpn/core/OpenVPNService.java | 5 +- .../blinkt/openvpn/activities/ConfigConverter.kt | 1 + .../de/blinkt/openvpn/activities/MainActivity.java | 14 ++---- .../openvpn/fragments/Settings_Allowed_Apps.kt | 2 +- .../openvpn/api/ExternalCertificateProvider.aidl | 21 +++++++- .../externalcertprovider/ExternalCertService.java | 58 ++++++++++++---------- .../blinkt/externalcertprovider/SimpleSigner.java | 7 ++- 7 files changed, 65 insertions(+), 43 deletions(-) diff --git a/main/src/main/java/de/blinkt/openvpn/core/OpenVPNService.java b/main/src/main/java/de/blinkt/openvpn/core/OpenVPNService.java index d37f34ed..22d451eb 100644 --- a/main/src/main/java/de/blinkt/openvpn/core/OpenVPNService.java +++ b/main/src/main/java/de/blinkt/openvpn/core/OpenVPNService.java @@ -891,7 +891,7 @@ public class OpenVPNService extends VpnService implements StateListener, Callbac VpnStatus.logInfo(R.string.dns_server_info, TextUtils.join(", ", mDnslist), mDomain); VpnStatus.logInfo(R.string.routes_info_incl, TextUtils.join(", ", mRoutes.getNetworks(true)), TextUtils.join(", ", mRoutesv6.getNetworks(true))); VpnStatus.logInfo(R.string.routes_info_excl, TextUtils.join(", ", mRoutes.getNetworks(false)), TextUtils.join(", ", mRoutesv6.getNetworks(false))); - if (mProxyInfo != null) { + if (mProxyInfo != null && Build.VERSION.SDK_INT >= Build.VERSION_CODES.LOLLIPOP) { VpnStatus.logInfo(R.string.proxy_info, mProxyInfo.getHost(), mProxyInfo.getPort()); } VpnStatus.logDebug(R.string.routes_debug, TextUtils.join(", ", positiveIPv4Routes), TextUtils.join(", ", positiveIPv6Routes)); 
@@ -1087,6 +1087,9 @@ public class OpenVPNService extends VpnService implements StateListener, Callbac } public boolean addHttpProxy(String proxy, int port) { + if (Build.VERSION.SDK_INT < Build.VERSION_CODES.LOLLIPOP) + return false; + try { mProxyInfo = ProxyInfo.buildDirectProxy(proxy, port); } catch (Exception e) diff --git a/main/src/ui/java/de/blinkt/openvpn/activities/ConfigConverter.kt b/main/src/ui/java/de/blinkt/openvpn/activities/ConfigConverter.kt index 199c7819..5a42599f 100644 --- a/main/src/ui/java/de/blinkt/openvpn/activities/ConfigConverter.kt +++ b/main/src/ui/java/de/blinkt/openvpn/activities/ConfigConverter.kt @@ -73,6 +73,7 @@ class ConfigConverter : BaseActivity(), FileSelectCallback, View.OnClickListener } override fun onRequestPermissionsResult(requestCode: Int, permissions: Array, grantResults: IntArray) { + super.onRequestPermissionsResult(requestCode, permissions, grantResults); // Permission declined, do nothing if (grantResults.size == 0 || grantResults[0] == PackageManager.PERMISSION_DENIED) return diff --git a/main/src/ui/java/de/blinkt/openvpn/activities/MainActivity.java b/main/src/ui/java/de/blinkt/openvpn/activities/MainActivity.java index fa6c4159..58698ea3 100644 --- a/main/src/ui/java/de/blinkt/openvpn/activities/MainActivity.java +++ b/main/src/ui/java/de/blinkt/openvpn/activities/MainActivity.java @@ -14,6 +14,8 @@ import android.view.MenuItem; import androidx.appcompat.app.ActionBar; import androidx.viewpager.widget.ViewPager; +import com.google.android.material.tabs.TabLayout; + import de.blinkt.openvpn.R; import de.blinkt.openvpn.fragments.AboutFragment; import de.blinkt.openvpn.fragments.FaqFragment; 
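Review bot: The new early return in `addHttpProxy` refuses the proxy on pre-Lollipop devices without leaving any trace, so a profile that expects its traffic to go through an HTTP proxy may connect without one unless the caller reports the `false` result (the call site is not in this diff). Logging at the point of refusal keeps that downgrade visible, for example `VpnStatus.logWarning("HTTP proxy ignored: needs Android 5.0 or later");` before `return false;`. The unbraced `if` also sits directly above a `try` whose `catch (Exception e)` body continues outside the hunk, so braces would make the guard easier to read.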
@@ -29,7 +31,7 @@ public class MainActivity extends BaseActivity { private static final String FEATURE_TELEVISION = "android.hardware.type.television"; private static final String FEATURE_LEANBACK = "android.software.leanback"; - //private TabLayout mTabs; + private TabLayout mTabs; private ViewPager mPager; private ScreenSlidePagerAdapter mPagerAdapter; @@ -58,19 +60,11 @@ public class MainActivity extends BaseActivity { } - if (isDirectToTV()) + if (isAndroidTV()) mPagerAdapter.addTab(R.string.openvpn_log, LogFragment.class); mPagerAdapter.addTab(R.string.about, AboutFragment.class); mPager.setAdapter(mPagerAdapter); - - //mTabs = findViewById(R.id.sliding_tabs); - //mTabs.setViewPager(mPager); - } - - private boolean isDirectToTV() { - return (getPackageManager().hasSystemFeature(FEATURE_TELEVISION) - || getPackageManager().hasSystemFeature(FEATURE_LEANBACK)); } diff --git a/main/src/ui/java/de/blinkt/openvpn/fragments/Settings_Allowed_Apps.kt b/main/src/ui/java/de/blinkt/openvpn/fragments/Settings_Allowed_Apps.kt index 9ad32a47..c6712251 100644 --- a/main/src/ui/java/de/blinkt/openvpn/fragments/Settings_Allowed_Apps.kt +++ b/main/src/ui/java/de/blinkt/openvpn/fragments/Settings_Allowed_Apps.kt @@ -90,7 +90,7 @@ class Settings_Allowed_Apps : Fragment(), AdapterView.OnItemClickListener, View. mListView.adapter = packageAdapter Thread(Runnable { - packageAdapter.populateList(activity!!) + packageAdapter.populateList(requireActivity()) activity?.runOnUiThread({ (v.findViewById(R.id.loading_container)).visibility = View.GONE (v.findViewById(R.id.app_recycler_view)).visibility = View.VISIBLE diff --git a/tlsexternalcertprovider/src/main/aidl/de/blinkt/openvpn/api/ExternalCertificateProvider.aidl b/tlsexternalcertprovider/src/main/aidl/de/blinkt/openvpn/api/ExternalCertificateProvider.aidl index c6db965b..951cff96 100644 --- a/tlsexternalcertprovider/src/main/aidl/de/blinkt/openvpn/api/ExternalCertificateProvider.aidl 
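Review bot: `private TabLayout mTabs;` is re-enabled in the `@@ -29,7 +31,7 @@` hunk, but the commented-out lines that would have assigned it (`//mTabs = findViewById(R.id.sliding_tabs);`) are deleted in the next hunk, so in the visible code the field and the new `TabLayout` import are never used. Either wire the field up where the pager adapter is set or drop both. With `isDirectToTV()` replaced by `isAndroidTV()` (defined outside this diff), `FEATURE_TELEVISION` and `FEATURE_LEANBACK` also look unused in this class and can probably be removed.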
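Review bot: `requireActivity()` is still evaluated inside the background `Thread`, so if the fragment is detached before the thread runs it throws `IllegalStateException` off the main thread and crashes the process, the same failure mode `activity!!` had. The following line already uses the null-safe `activity?.runOnUiThread`, which suggests detachment is expected here. Resolving the activity once on the calling thread, `val hostActivity = requireActivity()` placed before `Thread(Runnable {`, and passing `hostActivity` to `populateList` would remove the race. The enclosing function starts and ends outside the hunk.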
+++ b/tlsexternalcertprovider/src/main/aidl/de/blinkt/openvpn/api/ExternalCertificateProvider.aidl @@ -1,16 +1,16 @@ // ExternalCertificateProvider.aidl package de.blinkt.openvpn.api; - /* * This is very simple interface that is specialised to have only the minimal set of crypto * operation that are needed for OpenVPN to authenticate with an external certificate */ interface ExternalCertificateProvider { /** + * @deprecated use {@link #getSignedDataWithExtra} instead * Requests signing the data with RSA/ECB/PKCS1PADDING * for RSA certficate and with NONEwithECDSA for EC certificates - * @parm alias the parameter that + * @param alias user certificate identifier */ byte[] getSignedData(in String alias, in byte[] data); @@ -36,4 +36,21 @@ interface ExternalCertificateProvider { * */ Bundle getCertificateMetaData(in String alias); + + /** + * Requests signing the data with RSA/ECB/PKCS1PADDING or RSA/ECB/nopadding + * for RSA certficate and with NONEwithECDSA for EC certificates + * @param alias user certificate identifier + * @param data the data to be signed + * @param extra additional information. + * Should contain the following keys: + *

    + *
  • int key "de.blinkt.openvpn.api.RSA_PADDING_TYPE", may be set as: + *

      + *
    • 0 - for RSA/ECB/nopadding + *
    • 1 - for RSA/ECB/PKCS1PADDING + *

    + *

+ */ + byte[] getSignedDataWithExtra(in String alias, in byte[] data, in Bundle extra); } diff --git a/tlsexternalcertprovider/src/main/java/de/blinkt/externalcertprovider/ExternalCertService.java b/tlsexternalcertprovider/src/main/java/de/blinkt/externalcertprovider/ExternalCertService.java index caf382dd..a0e66456 100644 --- a/tlsexternalcertprovider/src/main/java/de/blinkt/externalcertprovider/ExternalCertService.java +++ b/tlsexternalcertprovider/src/main/java/de/blinkt/externalcertprovider/ExternalCertService.java @@ -12,21 +12,14 @@ import android.os.IBinder; import android.os.RemoteException; import android.text.TextUtils; import de.blinkt.openvpn.api.ExternalCertificateProvider; -import org.bouncycastle.openssl.PEMKeyPair; -import org.bouncycastle.openssl.PEMParser; import javax.crypto.BadPaddingException; -import javax.crypto.Cipher; import javax.crypto.IllegalBlockSizeException; import javax.crypto.NoSuchPaddingException; import java.io.IOException; -import java.io.StringReader; import java.security.InvalidKeyException; -import java.security.KeyFactory; import java.security.NoSuchAlgorithmException; -import java.security.PrivateKey; import java.security.spec.InvalidKeySpecException; -import java.security.spec.PKCS8EncodedKeySpec; import static de.blinkt.externalcertprovider.SelectCertificateActivity.EXTRA_ALIAS; import static de.blinkt.externalcertprovider.SelectCertificateActivity.EXTRA_DESCRIPTION; 
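Review bot: The Javadoc for `getSignedDataWithExtra` says `extra` should contain `de.blinkt.openvpn.api.RSA_PADDING_TYPE` but does not say what a provider must do when the key is missing or holds a value other than 0 or 1, so two implementations can pick different padding for the same request. I would state either a default or a rejection rule explicitly, e.g. `* A missing or unknown padding type must be rejected (return null), never silently mapped to a padding mode.` Mode 0 (RSA/ECB/nopadding) also deserves a sentence of its own: the provider then performs a raw private-key operation on whatever bytes the bound client sends, so the interface doc should tell implementers to verify the calling package before signing, as the sample service's class comment already hints.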
@@ -37,31 +30,37 @@ import static de.blinkt.externalcertprovider.SelectCertificateActivity.EXTRA_DES * see ExternalOpenVPNService for an example of checking caller's creditionals */ public class ExternalCertService extends Service { + private byte[] doSign(byte[] data) + { + try { + return SimpleSigner.signData(data, false); + + } catch (IOException e) { + e.printStackTrace(); + } catch (NoSuchPaddingException e) { + e.printStackTrace(); + } catch (NoSuchAlgorithmException e) { + e.printStackTrace(); + } catch (IllegalBlockSizeException e) { + e.printStackTrace(); + } catch (BadPaddingException e) { + e.printStackTrace(); + } catch (InvalidKeySpecException e) { + e.printStackTrace(); + } catch (InvalidKeyException e) { + e.printStackTrace(); + } + // Something failed, return null + return null; + } private final ExternalCertificateProvider.Stub mBinder = new ExternalCertificateProvider.Stub() { + + @Override public byte[] getSignedData(String alias, byte[] data) throws RemoteException { - try { - return SimpleSigner.signData(data); - - - } catch (IOException e) { - e.printStackTrace(); - } catch (NoSuchPaddingException e) { - e.printStackTrace(); - } catch (NoSuchAlgorithmException e) { - e.printStackTrace(); - } catch (IllegalBlockSizeException e) { - e.printStackTrace(); - } catch (BadPaddingException e) { - e.printStackTrace(); - } catch (InvalidKeySpecException e) { - e.printStackTrace(); - } catch (InvalidKeyException e) { - e.printStackTrace(); - } - // Something failed, return null + return null; } @@ -79,6 +78,11 @@ public class ExternalCertService extends Service { b.putString(EXTRA_DESCRIPTION, "Super secret example key!"); return b; } + + @Override + public byte[] getSignedDataWithExtra(String alias, byte[] data, Bundle extra) throws RemoteException { + return new byte[0]; + } }; 
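Review bot: After this refactor `getSignedData` ends in a bare `return null;` and the new `getSignedDataWithExtra` returns `new byte[0]`, while the extracted `doSign` helper is not called anywhere in the visible hunks, so the sample provider no longer produces a signature at all (this covers both the `@@ -37,31 +30,37 @@` and `@@ -79,6 +78,11 @@` hunks). `doSign` also hard-codes `SimpleSigner.signData(data, false)`, which selects RSA/ECB/nopadding, whereas the AIDL documents the deprecated `getSignedData` as RSA/ECB/PKCS1PADDING; wiring the helper up unchanged would silently switch the old entry point to raw RSA. I would pass the padding choice into `doSign`, call it with `true` from `getSignedData`, and derive it from `RSA_PADDING_TYPE` in `getSignedDataWithExtra`, refusing requests that carry no recognised value.

```java
private byte[] doSign(byte[] data, boolean pkcs1padding)
{
    try {
        return SimpleSigner.signData(data, pkcs1padding);
    // … unchanged: catch blocks and the final "return null" …

@Override
public byte[] getSignedData(String alias, byte[] data) throws RemoteException {
    // Deprecated entry point is documented as PKCS#1 padding only.
    return doSign(data, true);
}

// … unchanged: the other binder methods …

@Override
public byte[] getSignedDataWithExtra(String alias, byte[] data, Bundle extra) throws RemoteException {
    int padding = (extra == null) ? -1 : extra.getInt("de.blinkt.openvpn.api.RSA_PADDING_TYPE", -1);
    if (padding != 0 && padding != 1)
        return null; // missing or unknown padding type: refuse rather than guess
    return doSign(data, padding == 1);
}
```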
diff --git a/tlsexternalcertprovider/src/main/java/de/blinkt/externalcertprovider/SimpleSigner.java b/tlsexternalcertprovider/src/main/java/de/blinkt/externalcertprovider/SimpleSigner.java index 7d2f6786..ecce2c84 100644 --- a/tlsexternalcertprovider/src/main/java/de/blinkt/externalcertprovider/SimpleSigner.java +++ b/tlsexternalcertprovider/src/main/java/de/blinkt/externalcertprovider/SimpleSigner.java @@ -120,7 +120,7 @@ public class SimpleSigner { "hEi44aHbPXt9opdssz/hdGfd8Wo7vEJrbg7c6zR6C/Akav1Rzy9oohIdgOw=\n" + "-----END CERTIFICATE-----\n"}; - public static byte[] signData(byte[] data) throws IOException, NoSuchAlgorithmException, InvalidKeySpecException, NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException { + public static byte[] signData(byte[] data, boolean pkcs1padding) throws IOException, NoSuchAlgorithmException, InvalidKeySpecException, NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException { // This is more or less code that has been just modified long enough that it works // Don't take it as good example how to get a Privatekey StringReader keyreader = new StringReader(SimpleSigner.certchain[0] + SimpleSigner.pemkey); @@ -136,7 +136,10 @@ public class SimpleSigner { // The actual signing Cipher signer; - signer = Cipher.getInstance("RSA/ECB/PKCS1PADDING"); + if (pkcs1padding) + signer = Cipher.getInstance("RSA/ECB/PKCS1PADDING"); + else + signer = Cipher.getInstance("RSA/ECB/nopadding"); signer.init(Cipher.ENCRYPT_MODE, key); -- cgit v1.2.3
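Review bot: The new `pkcs1padding` flag on `signData` is undocumented, and its `false` branch (`Cipher.getInstance("RSA/ECB/nopadding")`) turns the method into a raw RSA private-key operation on the caller's bytes. Someone copying this sample needs to know that in that mode the input is presumably expected to arrive already padded to the modulus size by the OpenVPN side, and that nothing in the visible code checks it. I would add a comment above the branch such as `// nopadding: raw RSA on an already padded block supplied by the caller; only use when the client explicitly requests it`, and brace the `if`/`else`. The method body continues outside the hunk.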